Details of VAR-202305-2804

ID

VAR-202305-2804

CVE

CVE-2023-34263

TITLE

FATEK Automation Corporation of FvDesigner Vulnerability in accessing uninitialized pointers in

Trust: 0.8

sources: JVNDB: JVNDB-2023-028468

DESCRIPTION

Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18162. FATEK Automation Corporation of FvDesigner Exists in an uninitialized pointer access vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 2.34

sources: NVD: CVE-2023-34263 // JVNDB: JVNDB-2023-028468 // ZDI: ZDI-23-761 // VULMON: CVE-2023-34263

AFFECTED PRODUCTS

vendor:	fatek automation	model:	fvdesigner	scope:	-	version:	-	Trust: 1.5
vendor:	fatek	model:	fvdesigner	scope:	eq	version:	1.6.24	Trust: 1.0
vendor:	fatek automation	model:	fvdesigner	scope:	eq	version:	1.6.24	Trust: 0.8
vendor:	fatek automation	model:	fvdesigner	scope:	eq	version:	-	Trust: 0.8

sources: ZDI: ZDI-23-761 // JVNDB: JVNDB-2023-028468 // NVD: CVE-2023-34263

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2023-34263
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2023-34263
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-34263
value:	HIGH
Trust: 0.8
ZDI:	CVE-2023-34263
value:	HIGH
Trust: 0.7

zdi-disclosures@trendmicro.com:	CVE-2023-34263
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2023-34263
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2023-34263
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-761 // JVNDB: JVNDB-2023-028468 // NVD: CVE-2023-34263 // NVD: CVE-2023-34263

PROBLEMTYPE DATA

problemtype:	CWE-824	Trust: 1.0
problemtype:	Accessing uninitialized pointers (CWE-824) [ others ]	Trust: 0.8
problemtype:	Accessing uninitialized pointers (CWE-824) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-028468 // NVD: CVE-2023-34263

EXTERNAL IDS

db:	NVD	id:	CVE-2023-34263	Trust: 3.4
db:	ZDI	id:	ZDI-23-761	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-028468	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-18162	Trust: 0.7
db:	VULMON	id:	CVE-2023-34263	Trust: 0.1

sources: ZDI: ZDI-23-761 // VULMON: CVE-2023-34263 // JVNDB: JVNDB-2023-028468 // NVD: CVE-2023-34263

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-23-761/	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2023-34263	Trust: 0.8

sources: VULMON: CVE-2023-34263 // JVNDB: JVNDB-2023-028468 // NVD: CVE-2023-34263

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-23-761

SOURCES

db:	ZDI	id:	ZDI-23-761
db:	VULMON	id:	CVE-2023-34263
db:	JVNDB	id:	JVNDB-2023-028468
db:	NVD	id:	CVE-2023-34263

LAST UPDATE DATE

2025-03-25T23:28:31.769000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-761	date:	2023-05-31T00:00:00
db:	JVNDB	id:	JVNDB-2023-028468	date:	2025-03-24T05:52:00
db:	NVD	id:	CVE-2023-34263	date:	2025-03-13T16:42:49.573

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-761	date:	2023-05-31T00:00:00
db:	JVNDB	id:	JVNDB-2023-028468	date:	2025-03-24T00:00:00
db:	NVD	id:	CVE-2023-34263	date:	2024-05-03T02:15:24.397